AMENDMENTS TO THE CLAIMS

This listing of claims will replace all prior versions, and listings, of claims in the application:

Listing of Claims:

1-24. (Canceled)

25. (Currently amended) A method for managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, the method comprising:
    receiving a request at the database system to store data in the database system;
    wherein the request is directed to storing data in a portion of the database system that has been designated as encrypted;
    wherein the portion of the database system that has been designated as encrypted is one or more columns of the database system;
    in response to receiving the request:
        creating a digest of the data, wherein the digest is a cryptographic function of the data, and
        automatically encrypting data within the database system using an encryption function to produce an encrypted data, wherein using the encryption function involves using an encryption key recovered from an obfuscated copy of a keyfile stored within volatile memory of a server of the database system; and
    storing the encrypted data in the database system;
    wherein the digest is used to detect tampering with the encrypted data.
26. (Previously presented) The method of claim 25,
    wherein the encryption function uses a key stored in a keyfile managed by a security administrator; and
    wherein the encrypted data is stored using a storage function of the database system.

27. (Previously presented) The method of claim 26, further comprising:
    receiving a request to retrieve data from the column of the database system;
    if the request to retrieve data is received from a database administrator, preventing the database administrator from decrypting the encrypted data;
    if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting the encrypted data; and
    if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt the encrypted data.

28. (Previously presented) The method of claim 26, wherein the security administrator selects one of, data encryption standard (DES) and triple DES as a mode of encryption for the column.

29. (Previously presented) The method of claim 26, wherein the security administrator, a database administrator, and a user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.

30. (Previously presented) The method of claim 26, wherein managing the keyfile includes, but is not limited to:
    creating the keyfile;
    establishing a plurality of keys to be stored in the keyfile;
    establishing a relationship between a key identifier and the key stored in the keyfile;
    storing the keyfile in one of,
        an encrypted file in the database system, and
        a location separate from the database system; and
    moving the obfuscated copy of the keyfile to the volatile memory within a server associated with the database system.

31. (Previously presented) The method of claim 30, wherein the key identifier associated with the column is stored as metadata associated with a table containing the column within the database system.

32. (Previously presented) The method of claim 30, further comprising establishing encryption parameters for the column, wherein encryption parameters include encryption mode, key length, and integrity type by:
    entering encryption parameters for the column manually; and
    recovering encryption parameters for the column from a profile table in the database system.

33. (Previously presented) The method of claim 26, wherein upon receiving a request from the security administrator specifying the column to be encrypted, if the column currently contains data, the method further comprises:
    decrypting the column using an old key if the column was previously encrypted; and
    encrypting the column using a new key.
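The store, retrieve and re-key flow of claims 25 through 33, as an added constructed model (not the applicant's code or any Oracle implementation). It assumes a SHA-256 keystream in place of the DES/3DES modes of claim 28, an XOR mask as the unspecified keyfile obfuscation, and the role and key-identifier names shown; all of these are illustrative choices.

```python
"""Constructed model of the claimed flow (not Oracle's code): digest and encrypt on
store, role gate and digest check on retrieve, re-key per claim 33. Stand-ins: a
SHA-256 keystream for the DES/3DES modes of claim 28, an XOR mask for obfuscation."""
import hashlib
import hmac
import os
MASK = os.urandom(32)  # per-process mask; one XOR both obfuscates and recovers a key
def obfuscate(key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(key, MASK))

# Obfuscated keyfile copy held in memory, indexed by key identifier (claim 30).
KEYFILE_IN_MEMORY = {"k1": obfuscate(os.urandom(32)), "k2": obfuscate(os.urandom(32))}
COLUMN_META = {"ssn": "k1"}  # key identifier kept as column metadata (claim 31)
CANNOT_DECRYPT = {"dba", "security_admin"}  # roles denied decryption (claim 27)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with SHA-256(key || block counter); symmetric."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def column_key(column: str) -> bytes:
    return obfuscate(KEYFILE_IN_MEMORY[COLUMN_META[column]])  # recover the real key

def store(column: str, data: bytes) -> dict:
    """Claim 25: digest the plaintext, encrypt it, keep both as the stored row."""
    return {"ct": keystream_xor(column_key(column), data),
            "digest": hashlib.sha256(data).digest()}

def retrieve(column: str, row: dict, role: str) -> bytes:
    """Claim 27 role gate, then decrypt and use the digest to detect tampering."""
    if role in CANNOT_DECRYPT:
        raise PermissionError(f"role {role!r} may not decrypt column {column!r}")
    data = keystream_xor(column_key(column), row["ct"])
    # Unkeyed digest: catches ciphertext edits, not an attacker who rewrites the digest too.
    if not hmac.compare_digest(hashlib.sha256(data).digest(), row["digest"]):
        raise ValueError(f"tampering detected in column {column!r}")
    return data

def rekey(column: str, rows: list, new_key_id: str) -> None:
    """Claim 33: decrypt each row with the old key, re-encrypt with the new, in place."""
    old_key, new_key = column_key(column), obfuscate(KEYFILE_IN_MEMORY[new_key_id])
    for row in rows:
        data = keystream_xor(old_key, row["ct"])
        if not hmac.compare_digest(hashlib.sha256(data).digest(), row["digest"]):
            raise ValueError("refusing to re-key a tampered row")
        row["ct"] = keystream_xor(new_key, data)
    COLUMN_META[column] = new_key_id
```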
34. (Currently amended) A computer-readable storage medium storing instructions that when executed by a computer causes the computer to perform a method for managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, the method comprising:
    receiving a request at the database system to store data in the database system;
    wherein the request is directed to storing data in a portion of the database system that has been designated as encrypted;
    wherein the portion of the database system that has been designated as encrypted is one or more columns of the database system;
    in response to receiving the request:
        creating a digest of the data, wherein the digest is a cryptographic function of the data, and
        automatically encrypting data within the database system using an encryption function to produce an encrypted data, wherein using the encryption function involves using an encryption key recovered from an obfuscated copy of a keyfile stored within volatile memory of a server of the database system; and
    storing the encrypted data in the database system;
    wherein the digest is used to detect tampering with the encrypted data.

35. (Previously presented) The computer-readable storage medium of claim 34,
    wherein the encryption function uses a key stored in a keyfile managed by a security administrator; and
    wherein the encrypted data is stored using a storage function of the database system.
LS W:\Oracle Corporation\OR00\OR00-03802\Amendment F OR00-03802.doc 



36. (Previously presented) The computer-readable storage medium of claim 35, the method further comprising:
    receiving a request to retrieve data from the column of the database system;
    if the request to retrieve data is received from a database administrator, preventing the database administrator from decrypting the encrypted data;
    if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting the encrypted data; and
    if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt the encrypted data.

37. (Previously presented) The computer-readable storage medium of claim 35, wherein the security administrator selects one of, data encryption standard (DES) and triple DES as a mode of encryption for the column.

38. (Previously presented) The computer-readable storage medium of claim 35, wherein the security administrator, a database administrator, and a user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.

39. (Previously presented) The computer-readable storage medium of claim 35, wherein managing the keyfile includes, but is not limited to:
    creating the keyfile;
    establishing a plurality of keys to be stored in the keyfile;
    establishing a relationship between a key identifier and the key stored in the keyfile;
    storing the keyfile in one of,
        an encrypted file in the database system, and
        a location separate from the database system; and
    moving the obfuscated copy of the keyfile to the volatile memory within a server associated with the database system.

40. (Previously presented) The computer-readable storage medium of claim 39, wherein the key identifier associated with the column is stored as metadata associated with a table containing the column within the database system.

41. (Previously presented) The computer-readable storage medium of claim 39, wherein the method further comprises establishing encryption parameters for the column, wherein encryption parameters include encryption mode, key length, and integrity type by:
    entering encryption parameters for the column manually; and
    recovering encryption parameters for the column from a profile table in the database system.

42. (Previously presented) The computer-readable storage medium of claim 35, wherein upon receiving a request from the security administrator specifying the column to be encrypted, if the column currently contains data, the method further comprises:
    decrypting the column using an old key if the column was previously encrypted; and
    encrypting the column using a new key.
43. (Currently amended) An apparatus that facilitates managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, comprising:
    a receiving mechanism that is configured to receive a request at the database system to store data in the database system;
    wherein the request is directed to storing data in a portion of the database system that has been designated as encrypted;
    wherein the portion of the database system that has been designated as encrypted is one or more columns of the database system;
    a digest creating mechanism configured to create a digest of the data, wherein the digest is a cryptographic function of the data;
    an encrypting mechanism that is configured to automatically encrypt data within the database system using an encryption function to produce an encrypted data, wherein using the encryption function involves using an encryption key recovered from an obfuscated copy of a keyfile stored within volatile memory of a server of the database system; and
    a storing mechanism that is configured to store the encrypted data in the database system;
    wherein the digest is used to detect tampering with the encrypted data.

44. (Previously presented) The apparatus of claim 43,
    wherein the encryption function uses a key stored in a keyfile managed by a security administrator; and
    wherein the encrypted data is stored using a storage function of the database system.

45. (Previously presented) The apparatus of claim 44, further comprising:
    the receiving mechanism that is further configured to receive a request to retrieve data from the column of the database system;
    an access mechanism that is configured to prevent a database administrator and the security administrator from decrypting the encrypted data; and
    wherein the access mechanism is configured to allow an authorized user of the database system to decrypt the encrypted data.

46. (Previously presented) The apparatus of claim 44, further comprising a selection mechanism that is configured to select one of, data encryption standard (DES) and triple DES as a mode of encryption for the column.

47. (Previously presented) The apparatus of claim 44, wherein the security administrator, a database administrator, and a user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.

48. (Previously presented) The apparatus of claim 44, further comprising:
    a creating mechanism that is configured to create the keyfile;
    an establishing mechanism that is configured to establish a plurality of keys to be stored in the keyfile;
    wherein the establishing mechanism is further configured to establish a relationship between a key identifier and the key stored in the keyfile;
    wherein the storing mechanism is further configured to store the keyfile in one of,
        an encrypted file in the database system, and
        a location separate from the database system; and
    a moving mechanism that is configured to move the obfuscated copy of the keyfile to the volatile memory within a server associated with the database system.

49. (Previously presented) The apparatus of claim 48, wherein the key identifier associated with the column is stored as metadata associated with a table containing the column within the database system.
50. (Previously presented) The apparatus of claim 48, wherein the establishing mechanism is further configured to establish encryption parameters for the column, wherein encryption parameters include encryption mode, key length, and integrity type, and wherein the establishing mechanism includes:
    an entering mechanism that is configured to enter encryption parameters for the column manually; and
    a recovering mechanism that is configured to recover encryption parameters for the column from a profile table in the database system.

51. (Previously presented) The apparatus of claim 44, further comprising:
    a decrypting mechanism that is configured to decrypt the column using a previous key if the column was previously encrypted; and
    wherein the encrypting mechanism is further configured to encrypt the column using a new key.